problems with setuid (?)
Maarten Litmaath
maart at cs.vu.nl
Wed Feb 1 02:53:16 AEST 1989
Pabbisetty.henr at xerox.com (Nagesh Pabbisetty) writes:
\# c-shell script file to kill xnsstart and xnshelper
\kill -9 `ps -ax | fgrep xnsstart | fgrep -v fgrep | cut -c1-5`
\kill -9 `ps -ax | fgrep xnshelper | fgrep -v fgrep | cut -c1-5`
A setuid script must start with the `#!' magic number, as in
#! /bin/csh -bf
There can be 1 argument (in this case `-bf'). However, setuid scripts that
don't invoke `/bin/secure' or `/bin/setuid' as `interpreter' are a security
leak! This topic was discussed a couple of months ago in comp.unix.wizards.
Email for more detail.
Both of the programs mentioned above recently appeared in comp.sources.misc.
If you decide to use `/bin/setuid', be sure you have version 1.1 or higher.
Version 1.0 contained a race condition bug.
--
"Does she play, er, tennis? |Maarten Litmaath @ VU Amsterdam:
Wink wink, notch notch!" |maart at cs.vu.nl, mcvax!botter!maart
More information about the Comp.unix.wizards
mailing list